Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Apr 2016 16:24:52 +0200
From: Martin Prpic <>
To: "OSS Security Mailinglist" <>
Subject: CVE request: three issues in libksba


Can CVEs please be assigned to these three issues (unless they've
already been assigned and I failed to find them):

Denial of Service due to stack overflow in src/ber-decoder.c;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a

Integer overflow in the BER decoder src/ber-decoder.c;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887

Integer overflow in the DN decoder src/dn.c;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3

A Gentoo advisory lists them as being fixed in version 1.3.3 and higher:

Thank you!

Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ